Alexey Nesterov
0babe7d930
Correctly configure authorization requests repository for OAuth2 login
...
To use a custom ServerAuthorizationRequestRepository, both OAuth2AuthorizationRequestRedirectWebFilter and
OAuth2LoginAuthenticationWebFilter should use the same repo provided in the configuration. Currently the former filter is
correctly configured, but the latter always uses the default, WebSession-based repository. So the authorization code created
before the redirect to the authorization endpoint will never be found to complete OAuth2 login when a custom
ServerAuthorizationRequestRepository is used.
This change also makes OAuth2Client and OAuth2Login authentication converters consistent.
Fixes gh-7675
2019-11-29 13:58:27 -05:00
Joe Grandja
b905cb8aaa
Polish OAuth2AuthorizedClientArgumentResolver
2019-11-28 10:31:29 -05:00
Joe Grandja
19c2209a12
ServerOAuth2AuthorizedClientExchangeFilterFunction works with UnAuthenticatedServerOAuth2AuthorizedClientRepository
...
Fixes gh-7544
2019-11-28 10:31:18 -05:00
Joe Grandja
18f48e4a16
DefaultReactiveOAuth2AuthorizedClientManager requires non-null serverWebExchange
...
Issue gh-7544
2019-11-28 10:31:06 -05:00
ryenus
42ab6736e1
typo fix: consecutive-word duplications (#7673)
...
* fix typo: require require
* more typo fix: consecutive-word duplications
Following the previous finding, I then used `rg` to find other similar
typos, with false positives manually excluded, using the following
command:
rg -t asciidoc -Pp '\b(\w+)\s+\1\b'
2019-11-26 18:35:28 +01:00
Rob Winch
af47e730a0
Only Hello Spring Security Boot
...
For those getting started, we really need to send the message of using
Spring Boot.
Fixes gh-7627
2019-11-26 08:38:29 -06:00
Eleftheria Stein
c5b36664ce
Polish PrincipalSid
...
Remove redundant UserDetails check and add tests
2019-11-26 15:09:44 +01:00
杨博 (Yang Bo)
ea148d5fee
Avoid toString in favor of getName for extract sid
...
There are some more sophisticated implementations of `getName` in `AbstractAuthenticationToken` and other `Authentication` classes.
2019-11-26 15:09:44 +01:00
Rob Winch
b3d177fc7e
Extract HTTPS Documentation
...
Fixes gh-7626
2019-11-25 15:49:51 -06:00
Josh Cummings
7cbd1665a6
Isolate Jwt Test Support
...
Isolating Jwt test support inside JwtRequestPostProcessor and
JwtMutator.
Fixes gh-7641
2019-11-22 15:07:05 -07:00
Eleftheria Stein
8a95e5798d
Update @MessageMapping to match input/output cardinality
2019-11-22 15:07:38 -06:00
Pim Moerenhout
cd0bec48de
Fix typo in log message.
2019-11-21 15:55:27 -07:00
Paul Pazderski
0d35194b47
Add sessionFixation Javadoc
2019-11-15 12:17:05 +01:00
Josh Cummings
22ae3eb765
Polish Error-handling Tests
...
Tests should assert the error message content that Spring Security
controls.
Fixes gh-7647
2019-11-14 16:13:39 -07:00
Adrian Pena
ca8877c8c5
Updates javadoc for InitializeUserDetailsBeanManagerConfigurer
2019-11-13 10:34:10 +01:00
Josh Cummings
bc2aedac69
Update to nimbus-jose-jwt 7.8.1
...
Fixes gh-7570
2019-11-11 12:56:29 -07:00
Rafiullah Hamedy
58ca81d500
Make jwks_uri optional for RFC 8414 and Required for OpenID Connect
...
OpenID Connect Discovery 1.0 expects the OpenID Provider Metadata
response to return a valid jwks_uri; however, this field is
optional in the Authorization Server Metadata response as per the RFC 8414
specification.
Fixes gh-7512
2019-11-11 10:34:06 -07:00
Rob Winch
e1fad001d9
Extract HTTP Response Headers Documentation
...
Fixes gh-7625
2019-11-07 10:55:40 -06:00
Eleftheria Stein
1188a3bb5f
Polish RememberMeConfigurer
...
Issue: gh-4140
2019-11-07 15:26:59 +01:00
邓超
b13f750646
Retrieve remember-me key from service as fallback
...
Fixes: gh-4140
2019-11-07 13:55:39 +01:00
LeeHainie
4b4c6e612b
Remove unnecessary instantiation in root
...
Fixes: gh-7635
2019-11-07 10:26:02 +01:00
Kristine Jetzke
97fd3d7c84
Clarify usage of hasAnyRole and hasAnyAuthority
2019-11-07 10:07:42 +01:00
Yanming Zhou
9f6a36444a
Add missing schemas
2019-11-06 08:24:20 -06:00
Eddú Meléndez
27aa61b02f
Use LocalRSocketServerPort annotation
2019-11-06 10:10:32 +01:00
Drummond Dawson
4f82be7e68
Support URI vars in formLogin and logout MockMvc requests
2019-11-05 09:46:50 +01:00
Rob Winch
8722a4b0d0
Revert "Update to AspectJ 1.9.4"
...
This reverts commit 90c475e6b8.
2019-11-04 13:10:26 -06:00
Josh Cummings
925bf48ec0
Polish OAuth2ResourceServerConfigurerTests
...
To confirm that resource server only produces SCOPE_<scope>
authorities by default.
Issue gh-7596
2019-11-04 11:39:54 -07:00
Rob Winch
2d9e4d6c0b
Next Development Version
2019-11-04 11:19:15 -06:00
Rob Winch
5b8369b7c3
Release 5.2.1.RELEASE
2019-11-04 11:18:41 -06:00
Josh Cummings
63647e9546
Add Resource Server Multi-tenancy Docs
...
Fixes: gh-7532
2019-11-04 10:15:56 -07:00
Rob Winch
bd4f2057ca
Update to blockhound 1.0.1.RELEASE
...
Fixes gh-7613
2019-11-04 11:12:57 -06:00
Rob Winch
0310cc112e
Update to hibernate-validator 6.1.0.Final
...
Fixes gh-7612
2019-11-04 11:12:45 -06:00
Rob Winch
6c23d567b9
Update to hibernate-entitymanager 5.4.8.Final
...
Fixes gh-7611
2019-11-04 11:12:35 -06:00
Rob Winch
dfefaa94b5
Update to Unbounded 4.0.12
...
Fixes gh-7610
2019-11-04 11:12:24 -06:00
Rob Winch
9558fbdaf1
Update to powermock 2.0.4
...
Fixes gh-7609
2019-11-04 11:12:10 -06:00
Rob Winch
a8db3eb0f2
Update to Bouncy Castle 1.64
...
Fixes gh-7608
2019-11-04 11:11:56 -06:00
Rob Winch
2608bc0bd2
Update to Reactor Dysprosium-SR1
...
Fixes gh-7607
2019-11-04 11:11:41 -06:00
Rob Winch
b57ec7d066
Update to GAE 1.9.76
...
Fixes gh-7606
2019-11-04 11:11:31 -06:00
Rob Winch
90c475e6b8
Update to AspectJ 1.9.4
...
Fixes gh-7605
2019-11-04 11:11:20 -06:00
Rob Winch
34daf4eeba
Update to Spring Data Moore-SR1
...
Fixes gh-7604
2019-11-04 11:11:05 -06:00
Rob Winch
f5704a8960
Update to Spring 5.2.1.RELEASE
...
Fixes gh-7603
2019-11-04 11:10:44 -06:00
Filip Hanik
0cafcf37e2
Make the loginProcessingUrl configurable for saml2Login()
...
Fixes gh-7565
https://github.com/spring-projects/spring-security/issues/7565
2019-10-31 08:20:12 -07:00
Josh Cummings
5f17032ffd
Restore Removed Throws Clauses
...
In a recent clean-up, certain exceptions were removed from various
throws clauses.
This PR re-introduces throws clauses that are important for one of the
following reasons:
1. It's a method on a public interface
2. It's a method clearly designed for inheritance, for example, a
method stub, an abstract method, or indicated as such in the docs.
Fixes gh-7541
2019-10-30 12:13:54 -06:00
Mike Truso
a4430aa21b
Fix variable reference in sample code
2019-10-29 14:04:05 -06:00
Filip Hanik
0f14844acf
We will not validate IP addresses as part of assertion validation
...
Fixes gh-7514
https://github.com/spring-projects/spring-security/issues/7514
2019-10-28 20:08:42 -07:00
Josh Cummings
ed02ef9773
Add Test for Malformed Scope
...
Fixes gh-7563
2019-10-28 16:55:56 -06:00
Rob Winch
badb0a08c6
Fix exploits indentation
...
Issue gh-2567
2019-10-28 16:00:51 -05:00
Rob Winch
2827af15e0
Document Reactive CSRF Support
...
Fixes gh-6487
2019-10-28 15:14:14 -05:00
Rob Winch
635f7e1edd
CsrfWebFilter supports multipart/form-data
...
Fixes gh-7576
2019-10-28 14:06:10 -05:00
Josh Cummings
387f765595
Catch Malformed BearerTokenError Descriptions
...
Fixes gh-7549
2019-10-28 12:30:27 -06:00